Install SSL Certificates on Portainer via Portainer UI<\/h3>\n\n\n\n
If you want to configure Portainer with SSL certificates after the installation, login to your Portainer web interface.<\/p>\n\n\n\n
- \n
- Navigate to Settings > SSL Ceritificate<\/strong>.<\/li>\n<\/ul>\n\n\n\n
![\"Setup](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/portainer-ui-ssl-setup.png\" "\\"\\"")
<\/figure><\/div><\/a><\/div>\n\n\n\n- \n
- Next, configure Portainer to listen on HTTPS ONLY by toggling the Force HTTPS only<\/strong> button ON<\/strong>. As already warned, Any edge agent environment that is using HTTP will no longer be available. Also ensure you can access Portainer with HTTPS (self-signed) with no issues before.<\/li>\n\n\n\n
- Upload the X.509 SSL certificate by clicking Select File<\/strong> button. The certificates should be in PEM format.<\/li>\n\n\n\n
- Similarly, upload the private key.<\/li>\n<\/ul>\n\n\n\n
![\"Setup](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/configure-ssl-portainer.png\" "\\"\\"")
<\/figure><\/div><\/a><\/div>\n\n\n\n- \n
- Save the changes by clicking Apply Changes<\/strong> button.<\/li>\n\n\n\n
- Immediately you apply the changes, you may be disconnected for a second.<\/li>\n\n\n\n
- You can now re-access your Portainer using the domain name, https:\/\/portainer-domain-name:9443<\/strong>.<\/li>\n<\/ul>\n\n\n\n
Configure Portainer with SSL Certificates during Portainer Installation<\/h3>\n\n\n\n
You can also while install Portainer, configure it to use your custom SSL certificates instead of the automatically generated self-signed ones.<\/p>\n\n\n\n
- \n
- Generate and store the SSL certificates and keys on specific path on the Portainer host server.\n
- \n
- For example, our certificates\/keys are stored under the Portainer host server path,
\/etc\/ssl\/certs\/portainer\/<\/code>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\nls -1 \/etc\/ssl\/certs\/portainer\/<\/code><\/pre>\n\n\n\nkifarunix.com.crt\nkifarunix.com.key<\/code><\/pre>\n\n\n\n- \n
- Once you have the certificates in place, then you can now proceed to install Portainer docker container with SSL certificates by adding a few command line options to the installation command<\/a> we used in our guides before.<\/li>\n<\/ul>\n\n\n\n
docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always \\\n-v \/var\/run\/docker.sock:\/var\/run\/docker.sock \\\n-v \/etc\/ssl\/certs\/portainer:\/certs \\\n-v pt_data:\/data \\\nportainer\/portainer-ce:latest \\\n--ssl --sslcert \/certs\/kifarunix.com.crt \\\n--sslkey \/certs\/kifarunix.com.key<\/code><\/pre>\n\n\n\nNote the
--ssl\/--sslcert\/--sslkey<\/code><\/strong> options comes after specify the Portainer image.<\/p>\n\n\n\nDemistifying the docker command line options used above;<\/p>\n\n\n\n
- \n
-d\/--detach<\/code><\/strong>: Causes the container to run in the background and print container ID<\/li>\n\n\n\n-p\/--publish<\/strong><\/code>: Exposes\/Publishes a container\u2019s port(s) to the host.\n- \n
- For example,
9443:9443<\/code><\/strong> means Portainer server container port 9443 can be accessed on the main Docker host on port 9443.<\/li>\n<\/ul>\n<\/li>\n\n\n\n--name<\/code><\/strong>: Assign a name to the container.<\/li>\n\n\n\n--restart<\/strong><\/code>: Restart policy to apply when a container exits (default \u201cno\u201d)\n- \n
always<\/code><\/strong> means Always restart<\/em> the container<\/em> regardless of the exit status<\/li>\n\n\n\n- it also causes the container to start on daemon startup, regardless of the current state of the container<\/li>\n<\/ul>\n<\/li>\n\n\n\n
-v\/--volume<\/code><\/strong>: Bind mount a Docker container volume.\n- \n
-v \/var\/run\/docker.sock:\/var\/run\/docker.sock<\/code><\/strong>: This causes the Portainer Server container process to communicate with the main host Docker process.<\/li>\n\n\n\n-v pt_data:\/data<\/code><\/strong>: Mounts the Portainer Server container data,\/data<\/code><\/strong>, to the host path\/var\/lib\/docker\/volumes\/pt_data<\/code><\/strong>.<\/li>\n\n\n\n-v \/etc\/ssl\/certs\/portainer:\/certs<\/strong><\/code>: Mounts the Portainer Hosts SSL certificate path to the Portainer Docker container \/certs<\/strong> directory so that the container can access the certificates internally.<\/li>\n<\/ul>\n<\/li>\n\n\n\n- And then of course the Portainer image we are using, the Portainer CE latest container image,
portainer\/portainer-ce:latest<\/code><\/strong>.<\/li>\n\n\n\n--ssl\/--sslcert\/--sslkey<\/code><\/strong>: defines how the Portainer container will access the certificates internally.<\/li>\n<\/ul>\n\n\n\nAnd there you go. You should now be able to access your Portainer Web interface with secure HTTPS.<\/p>\n\n\n\n
![\"Setup](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2022\/06\/portainer-https.png\" "\\"\\"")
<\/figure><\/div><\/a><\/div>\n\n\n\nAnd that is how you can configure Portainerto use SSL Certificates on a standalone Docker deployment option.<\/p>\n\n\n\n
Referece;<\/p>\n\n\n\n
Portainer SSL<\/a><\/p>\n\n\n\n
Other Tutorials<\/p>\n\n\n\n
Create Locally Trusted SSL Certificates with mkcert on Ubuntu 20.04<\/a><\/p>\n\n\n\n
- Once you have the certificates in place, then you can now proceed to install Portainer docker container with SSL certificates by adding a few command line options to the installation command<\/a> we used in our guides before.<\/li>\n<\/ul>\n\n\n\n
- For example, our certificates\/keys are stored under the Portainer host server path,
- Upload the X.509 SSL certificate by clicking Select File<\/strong> button. The certificates should be in PEM format.<\/li>\n\n\n\n
- Next, configure Portainer to listen on HTTPS ONLY by toggling the Force HTTPS only<\/strong> button ON<\/strong>. As already warned, Any edge agent environment that is using HTTP will no longer be available. Also ensure you can access Portainer with HTTPS (self-signed) with no issues before.<\/li>\n\n\n\n